Create at least one domain account, either a user or administrator. It's useful to test with both

Ensure the test client has a fully-qualified hostname (e.g. client.example.com). Do not proceed if running hostname returns localhost or similar

Ensure GNOME is installed on the test client

How to test

Open the GNOME Control Center (e.g. by clicking on the top-right menu and then clicking the screwdriver/wrench icon, or by running gnome-control-center from a terminal - this will allow you to see debugging output)

Choose the Users panel

Click the Unlock button, if present

You should get a PolicyKit authorization prompt.

Click the add [+] button in the lower left

Choose the Enterprise login pane

Enter an invalid domain, invalid user, and invalid password for the account

Click on Add. You should see a problem icon on the domain.

Enter the valid domain, invalid user, and invalid password for the account

Click on Add. You should see a problem icon on the user.

Enter the valid domain, valid user, and invalid password for the account

Click on Add. You should see a problem icon on the password.

Enter the right password

Click on Add

If you use a non-administrative user, you should be prompted for administrative credentials.

Expected Results

The user should now be listed in the User Accounts panel of the GNOME Control Center

You should see an output line that looks like passwd output. It should contain an appropriate home directory, and a shell

Check that you have an appropriate entry in your host's keytab: su -c 'klist -k'

You should see several lines with your host name. For example 1 host/$hostname$@FQDN

Check that you can use your keytab with kerberos: su -c 'kinit -k (principal)'

Replace (principal) with the principal from the output of the klist command above. Use the one with the domain capitalized and that looks like host/hostname@DOMAIN) (FreeIPA) or TRUNCATED_HOSTNAME$@DOMAIN (Active Directory)

There should be no output from this command

If you are testing FreeIPA and have set up the FreeIPA Web UI, you can use it to see that the computer account was created under the Hosts section

If you have are testing Active Directory and have console access to the domain controller, you can use the Active Directory Users and Computers tool to see if that the computer account was created under the Computers section